|
1
8 package org.apache.avalon.phoenix.components.classloader;
9
10 import java.io.File  ;
11 import java.io.InputStream ;
12 import java.lang.reflect.Constructor ;
13 import java.net.MalformedURLException ;
14 import java.net.URL ;
15 import java.security.KeyStore ;
16 import java.security.KeyStoreException ;
17 import java.security.Permission ;
18 import java.security.Permissions ;
19 import java.security.UnresolvedPermission ;
20 import java.security.cert.Certificate ;
21 import java.util.ArrayList ;
22 import java.util.HashMap ;
23 import java.util.PropertyPermission ;
24 import java.util.StringTokenizer ;
25 import org.apache.avalon.excalibur.i18n.ResourceManager;
26 import org.apache.avalon.excalibur.i18n.Resources;
27 import org.apache.avalon.framework.configuration.Configurable;
28 import org.apache.avalon.framework.configuration.Configuration;
29 import org.apache.avalon.framework.configuration.ConfigurationException;
30 import org.apache.avalon.framework.context.DefaultContext;
31 import org.apache.avalon.phoenix.components.util.ResourceUtil;
32
33
38 class DefaultPolicy
39 extends AbstractPolicy
40 implements Configurable
41 {
42 private static final Resources REZ =
43 ResourceManager.getPackageResources( DefaultPolicy.class );
44
45 private final File m_baseDirectory;
46
47 private final File m_workDirectory;
48
49 private DefaultContext m_context;
50
51 protected DefaultPolicy( final File baseDirectory,
52 final File workDirectory )
53 {
54 final HashMap map = new HashMap ();
55 map.putAll( System.getProperties() );
56 m_context = new DefaultContext( map );
57 m_context.put( "/", File.separator );
58 m_context.put( "app.home", baseDirectory );
59 m_workDirectory = workDirectory;
60 m_baseDirectory = baseDirectory;
61 }
62
63 public void configure( final Configuration configuration )
64 throws ConfigurationException
65 {
66 setupDefaultPermissions();
67
68 final Configuration[] keyStoreConfigurations = configuration.getChildren( "keystore" );
69 final HashMap keyStores = configureKeyStores( keyStoreConfigurations );
70
71 final Configuration[] grants = configuration.getChildren( "grant" );
72 if( 0 != grants.length )
73 {
74 configureGrants( grants, keyStores );
75 }
76 else
77 {
78 final String message =
79 REZ.getString( "policy.notice.full-perms" );
80 getLogger().info( message );
81 final Permissions permissions = createPermissionSetFor( getInclusiveURL(), null );
82 permissions.add( new java.security.AllPermission () );
83 }
84 }
85
86 private URL getInclusiveURL()
87 {
88 try
89 {
90 return new URL ( "file:/-" );
91 }
92 catch( final MalformedURLException mue )
93 {
94 return null;
96 }
97 }
98
99 private void setupDefaultPermissions()
100 {
101 final Permissions permissions = createPermissionSetFor( getInclusiveURL(), null );
103
104 permissions.add( new PropertyPermission ( "os.name", "read" ) );
105 permissions.add( new PropertyPermission ( "os.arch", "read" ) );
106 permissions.add( new PropertyPermission ( "os.version", "read" ) );
107 permissions.add( new PropertyPermission ( "file.separator", "read" ) );
108 permissions.add( new PropertyPermission ( "path.separator", "read" ) );
109 permissions.add( new PropertyPermission ( "line.separator", "read" ) );
110
111 permissions.add( new PropertyPermission ( "java.version", "read" ) );
112 permissions.add( new PropertyPermission ( "java.vendor", "read" ) );
113 permissions.add( new PropertyPermission ( "java.vendor.url", "read" ) );
114
115 permissions.add( new PropertyPermission ( "java.class.version", "read" ) );
116 permissions.add( new PropertyPermission ( "java.vm.version", "read" ) );
117 permissions.add( new PropertyPermission ( "java.vm.vendor", "read" ) );
118 permissions.add( new PropertyPermission ( "java.vm.name", "read" ) );
119
120 permissions.add( new PropertyPermission ( "java.specification.version", "read" ) );
121 permissions.add( new PropertyPermission ( "java.specification.vendor", "read" ) );
122 permissions.add( new PropertyPermission ( "java.specification.name", "read" ) );
123 permissions.add( new PropertyPermission ( "java.vm.specification.version", "read" ) );
124 permissions.add( new PropertyPermission ( "java.vm.specification.vendor", "read" ) );
125 permissions.add( new PropertyPermission ( "java.vm.specification.name", "read" ) );
126 }
127
128 private HashMap configureKeyStores( final Configuration[] configurations )
129 throws ConfigurationException
130 {
131 final HashMap keyStores = new HashMap ();
132
133 for( int i = 0; i < configurations.length; i++ )
134 {
135 final Configuration configuration = configurations[ i ];
136 final String type = configuration.getAttribute( "type" );
137 final String location = configuration.getAttribute( "location" );
138 final String name = configuration.getAttribute( "name" );
139
140 try
141 {
142 final KeyStore keyStore = KeyStore.getInstance( type );
143 final URL url = new URL ( location );
144 final InputStream ins = url.openStream();
145
146 keyStore.load( ins, null );
147
148 keyStores.put( name, keyStore );
149 }
150 catch( final Exception e )
151 {
152 final String message = REZ.getString( "policy.error.keystore.config", name );
153 throw new ConfigurationException( message, e );
154 }
155 }
156
157 return keyStores;
158 }
159
160 private void configureGrants( final Configuration[] configurations,
161 final HashMap keyStores )
162 throws ConfigurationException
163 {
164 for( int i = 0; i < configurations.length; i++ )
165 {
166 configureGrant( configurations[ i ], keyStores );
167 }
168 }
169
170 private void configureGrant( final Configuration configuration, final HashMap keyStores )
171 throws ConfigurationException
172 {
173
177 final String signedBy = configuration.getAttribute( "signed-by", null );
178 final String keyStoreName = configuration.getAttribute( "key-store", null );
179
180 String codeBase = configuration.getAttribute( "code-base", null );
181 if( null != codeBase )
182 {
183 codeBase = expand( codeBase );
184 codeBase = ResourceUtil.expandSarURL( codeBase,
185 m_baseDirectory,
186 m_workDirectory );
187 }
188
189 final Certificate [] signers = getSigners( signedBy, keyStoreName, keyStores );
190
191 Permissions permissions = null;
192
193 try
194 {
195 permissions = createPermissionSetFor( codeBase, signers );
196 }
197 catch( final MalformedURLException mue )
198 {
199 final String message = REZ.getString( "policy.error.codebase.malformed", codeBase );
200 throw new ConfigurationException( message, mue );
201 }
202
203 configurePermissions( configuration.getChildren( "permission" ),
204 permissions,
205 keyStores );
206 }
207
208 private void configurePermissions( final Configuration[] configurations,
209 final Permissions permissions,
210 final HashMap keyStores )
211 throws ConfigurationException
212 {
213 for( int i = 0; i < configurations.length; i++ )
214 {
215 configurePermission( configurations[ i ], permissions, keyStores );
216 }
217 }
218
219 private void configurePermission( final Configuration configuration,
220 final Permissions permissions,
221 final HashMap keyStores )
222 throws ConfigurationException
223 {
224 final String type = configuration.getAttribute( "class" );
225 final String actions = configuration.getAttribute( "actions", null );
226 final String signedBy = configuration.getAttribute( "signed-by", null );
227 final String keyStoreName = configuration.getAttribute( "key-store", null );
228
229 String target = configuration.getAttribute( "target", null );
230 if( null != target )
231 {
232 target = expand( target );
233 }
234
235 final Certificate [] signers = getSigners( signedBy, keyStoreName, keyStores );
236 final Permission permission = createPermission( type, target, actions, signers );
237
238 permissions.add( permission );
239 }
240
241 private String expand( final String value )
242 throws ConfigurationException
243 {
244 try
245 {
246 final Object resolvedValue = PropertyUtil.resolveProperty( value, m_context, false );
247 return resolvedValue.toString();
248 }
249 catch( final Exception e )
250 {
251 final String message = REZ.getString( "policy.error.property.resolve", value );
252 throw new ConfigurationException( message, e );
253 }
254 }
255
256 private Permission createPermission( final String type,
257 final String target,
258 final String actions,
259 final Certificate [] signers )
260 throws ConfigurationException
261 {
262 if( null != signers )
263 {
264 return createUnresolvedPermission( type, target, actions, signers );
265 }
266
267 try
268 {
269 final Class c = Class.forName( type );
270
271 Class paramClasses[] = null;
272 Object params[] = null;
273
274 if( null == actions && null == target )
275 {
276 paramClasses = new Class [ 0 ];
277 params = new Object [ 0 ];
278 }
279 else if( null == actions )
280 {
281 paramClasses = new Class [ 1 ];
282 paramClasses[ 0 ] = String .class;
283 params = new Object [ 1 ];
284 params[ 0 ] = target;
285 }
286 else
287 {
288 paramClasses = new Class [ 2 ];
289 paramClasses[ 0 ] = String .class;
290 paramClasses[ 1 ] = String .class;
291 params = new Object [ 2 ];
292 params[ 0 ] = target;
293 params[ 1 ] = actions;
294 }
295
296 final Constructor constructor = c.getConstructor( paramClasses );
297 final Object o = constructor.newInstance( params );
298 return (Permission )o;
299 }
300 catch( final ClassNotFoundException cnfe )
301 {
302 return createUnresolvedPermission( type, target, actions, signers );
303 }
304 catch( final Exception e )
305 {
306 final String message = REZ.getString( "policy.error.permission.create", type );
307 throw new ConfigurationException( message, e );
308 }
309 }
310
311 private Permission createUnresolvedPermission( final String type,
312 final String target,
313 final String actions,
314 final Certificate [] signers )
315 {
316 return new UnresolvedPermission ( type, target, actions, signers );
317 }
318
319 private Certificate [] getSigners( final String signedBy,
320 String keyStoreName,
321 final HashMap keyStores )
322 throws ConfigurationException
323 {
324 if( null != signedBy && null == keyStoreName )
325 {
326 keyStoreName = "default";
327 }
328
329 Certificate [] signers = null;
330
331 if( null != signedBy )
332 {
333 signers = getCertificates( signedBy, keyStoreName, keyStores );
334 }
335
336 return signers;
337 }
338
339 private Certificate [] getCertificates( final String signedBy,
340 final String keyStoreName,
341 final HashMap keyStores )
342 throws ConfigurationException
343 {
344 final KeyStore keyStore = (KeyStore )keyStores.get( keyStoreName );
345
346 if( null == keyStore )
347 {
348 final String message = REZ.getString( "policy.error.keystore.aquire", keyStoreName );
349 throw new ConfigurationException( message );
350 }
351
352 final ArrayList certificateSet = new ArrayList ();
353
354 final StringTokenizer tokenizer = new StringTokenizer ( signedBy, "," );
355
356 while( tokenizer.hasMoreTokens() )
357 {
358 final String alias = ((String )tokenizer.nextToken()).trim();
359 Certificate certificate = null;
360
361 try
362 {
363 certificate = keyStore.getCertificate( alias );
364 }
365 catch( final KeyStoreException kse )
366 {
367 final String message = REZ.getString( "policy.error.certificate.aquire", alias );
368 throw new ConfigurationException( message, kse );
369 }
370
371 if( null == certificate )
372 {
373 final String message =
374 REZ.getString( "policy.error.alias.missing",
375 alias,
376 keyStoreName );
377 throw new ConfigurationException( message );
378 }
379
380 if( !certificateSet.contains( certificate ) )
381 {
382 certificateSet.add( certificate );
383 }
384 }
385
386 return (Certificate [])certificateSet.toArray( new Certificate [ 0 ] );
387 }
388 }
389 |
Popular Tags |
Java API By Example, From Geeks To Geeks.